Serious Discussion Security configuration Gurus

Practical Response

Level 7
Thread author
Mar 10, 2024
339
I have been on the board speaking highly of using good habits as opposed to layering redundant security. I would like to discuss something today to see where all stand on this issue.

I will start with a simple question: With all these tightly configured systems, do you all have a means to detect and protect against a server side trojan?

Not on the devices, not on the network, but the server your gateway connects to. What happens when a network trojan lands on one of those servers, an "infostealer", and it's just out of reach? How do you protect your data then? Will all that layered security you have protect you?

Now I ask this as I mentioned using good habits, like offline storage of images and back-ups of personal files, not storing anything on the system, and being careful what you divulge not only for information protection but what little true privacy one could afford on the net and uploading executables and URLs to check before proceeding to click. What if one replaces convenience with due diligence, like stop shopping so much online, shop as local as possible, feed your own economy which of course benefits you in every way, stop using the internet to bank so much, go in person as often as possible, limit the amount of data you are releasing onto the web? Will this stop everything? No, but it lessens it drastically. As I just mentioned up above, you can control your network and devices, but once your information goes beyond that point, it's vulnerable again.

Cloud storage and ISP servers are not kept up to date as they should be, many times because they cannot afford to take the time down or afford to upgrade so often. Those servers are juicy targets for hackers, just watch the news. Just as any websites, social media, etc. you become part of, places you in that platform's hands and capabilities to keep your information safe.

Should all users just walk around paranoid now that they realize once it leaves their network it's out of their control? No, but they should use good habits, limit exposure, and keep a constant contingency on hand offline. Hence why I have been pushing good habits so often, as it's overlooked. Many times here I see users playing with software they have no idea how to use properly, let alone using good habits with it as they now think they are untouchable with a false sense of security.

I would love to hear thoughts on this.
 

Bot

AI-powered Bot
Verified
Apr 21, 2016
3,460
I agree with your point, good habits are indeed the cornerstone of any strong security posture. While layered security is critical, it can't protect against every possible threat, especially when it comes to server-side Trojans. You're right in pointing out that no matter how secure your own network is, once data leaves it, it's potentially vulnerable.

In terms of mitigating these risks, offline storage, careful data sharing, and due diligence can certainly help. I believe in a mixed approach - using technology to secure what we can, and good habits to protect the rest.

Cloud storage and ISP servers should definitely be kept up-to-date, but it's out of our control. Hence, it's crucial to be vigilant about what data we store and share online.

Paranoia isn't the answer, but a healthy sense of skepticism combined with good habits can go a long way in securing our digital lives. It's about striking a balance between convenience and security.

In short, I fully support your push for good habits. It's an important message that needs to be heard more often.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,142
I have been on the board speaking highly of using good habits as opposed to layering redundant security.

I think caution and good habits can sum up to 90% of the home users' security.
The problem is that most people do not believe that they keep good habits all the time, and many of them are right. :)
 

Xeno1234

Level 14
Jun 12, 2023
699
I think caution and good habits can sum up to 90% of the home users' security.
The problem is that most people do not believe that they keep good habits all the time, and many of them are right. :)
For home users, good anti malware, anti phishing, and not running random files is probably more than enough. It’s not perfect, but it works.

Most of your friends probably aren’t infected, and they aren’t using super secure multilayered security.
 

Practical Response

Level 7
Thread author
Mar 10, 2024
339
Most of your friends probably aren’t infected, and they aren’t using super secure multilayered security.
I have been debating about these practices with users that have no idea how the applications they are using actually work. It's like standing in combat with a highly sophisticated machine gun and having no idea how to chamber the first round, pointless..
 

Xeno1234

Level 14
Jun 12, 2023
699
I have been debating about these practices with users that have no idea how the applications they are using actually work. It's like standing in combat with a highly sophisticated machine gun and having no idea how to chamber the first round, pointless..
In terms of security, why do you need to know why things work?

If you’re a home user who doesn’t need to worry about targeted attacks, you need to know basic practices, what malware is and that it’s bad, and know that anti malware detects malware.
 

Victor M

Level 8
Verified
Well-known
Oct 3, 2022
380
All I got to add is this: I divide hackers into 2 types, some disrupt your system, and some lie low and observe. It is easy to detect the first type, because things aren't working anymore. But the second type is hard to discover. The type that everybody thinks of automatically is type 1.
 

Practical Response

Level 7
Thread author
Mar 10, 2024
339
In terms of security, why do you need to know why things work?

If you’re a home user who doesn’t need to worry about targeted attacks, you need to know basic practices, what malware is and that it’s bad, and know that anti malware detects malware.
You are asking why it's necessary for a user to learn an advanced application "3rd party" if they do choose to use it.

First and most importantly, misconfigured security will cause all kinds of issues, maybe even open a vulnerability that did not exist beforehand, basically expanding the attack surface of their device.

Secondly and more importantly, users that use advanced products but do not know how to use them will be lax in their habits with a false sense of security.

If the user copies a user guide of how to install and set up a product according to another's uses, they have no idea how the application works, why those changes were placed and what to do when something occurs.
 

Victor M

Level 8
Verified
Well-known
Oct 3, 2022
380
Secondly and more importantly, users that use advanced products but do not know how to use them will be lax in their habits with a false sense of security.
Very true. Many people here on MT place too much emphasis and totally rely on fancy AVs to do the Whole Job of security by just enabling every feature. The feature that I shop for are products that have configurable rules.

If a product doesn't have tune-able rules, then you are relying on its built-in detection capabilities (signature, behavior, AI ...). And built-in, non-tune-able detections are guaranteed to fail to detect. If it misses just one detection opportunity, you are hosed.
 

Victor M

Level 8
Verified
Well-known
Oct 3, 2022
380
And I left out one type of hacker in post #9. There are hackers that don't pay you a visit; they craft malware and distribute them. They may set up shop and rent them.
 

Xeno1234

Level 14
Jun 12, 2023
699
All I got to add is this: I divide hackers into 2 types, some disrupt your system, and some lie low and observe. It is easy to detect the first type, because things aren't working anymore. But the second type is hard to discover. The type that everybody thinks of automatically is type 1.
With type 2 though, you’d eventually notice something. It might take a while but a hacker is in it to probably gather information and spread it. A hacker will not hack you for the sole purpose of learning about you for their curiosity, they want your accounts or money.

For example: your accounts get hacked. You notice withdrawals or suspicious activity. They have hacked you and have full access, but at least you know.
 

Xeno1234

Level 14
Jun 12, 2023
699
You are asking why it's necessary for a user to learn an advanced application "3rd party" if they do choose to use it.

First and most importantly, misconfigured security will cause all kinds of issues, maybe even open a vulnerability that did not exist beforehand, basically expanding the attack surface of their device.

Secondly and more importantly, users that use advanced products but do not know how to use them will be lax in their habits with a false sense of security.

If the user copies a user guide of how to install and set up a product according to another's uses, they have no idea how the application works, why those changes were placed and what to do when something occurs.
In terms of MalwareTips members, this applies.

For most people though, I’m going to assume they install an antivirus and leave it at default. This works for most.
 

LennyFox

Level 7
Jan 18, 2024
307
Not on the devices, not on the network, but the server your gateway connects to. What happens when a network trojan lands on one of those servers, an "infostealer", and it's just out of reach? How do you protect your data then? Will all that layered security you have protect you?


I would love to hear thoughts on this.
There is not much to discuss about. IT-wise you can't do much against server side breaches. Everything you trust to servers could be accessed by that infostealer.

So common sense or safe hex is the only thing left. Common sense in regard to the sites you trust your data to and the amount of sensitive data you allow on one site.

To some degree bigger is better (Amazon puts more money into security than a small local webshop), but every now and then the news section on MT shows that the big brands also suffer from breaches. Since webshops started to collect (keep) my bank account (data) for my convenience, I stopped creating accounts at websites (and asked some webshops to delete my account). This reduces the distribution of my data to some extent (but all services which charge repeating e.g. monthly payments still require my bank account data).
 

rashmi

Level 5
Jan 15, 2024
213
Best of luck with your topic! Unfortunately, many people may see your post as gibberish because they simply don’t care. With forum users, there is a wide range of personalities - some are paranoid, some are fans, some like to show off, some are experimental, some pretend to know more than they do, some are experts, many are ignorant, and only a few are truly wise.
 

Practical Response

Level 7
Thread author
Mar 10, 2024
339
All I got to add is this: I divide hackers into 2 types, some disrupt your system, and some lie low and observe. It is easy to detect the first type, because things aren't working anymore. But the second type is hard to discover. The type that everybody thinks of automatically is type 1.

Home users are not lucrative enough to draw the ire of a direct hacking attack on their network. Hackers are not going to, and the key word here is "risk", for a single home user's possible "$9.80" in their bank account and coupons stuck on the fridge. Unless a user directly upsets a criminal organization to the point of a direct attack, it's doubtful any one of the average users here will ever see one.

Very true. Many people here on MT place too much emphasis and totally rely on fancy AVs to do the Whole Job of security by just enabling every feature. The feature that I shop for are products that have configurable rules.

If a product doesn't have tune-able rules, then you are relying on its built-in detection capabilities (signature, behavior, AI ...). And built-in, non-tune-able detections are guaranteed to fail to detect. If it misses just one detection opportunity, you are hosed.
Actually the latter part of users you describe are exactly what I was referring to, the ones that use advanced products with manual rule adjustment and creation, most of them have no idea how to use the applications, they follow guides with no true understanding, and have a false sense of security because of it, not realizing that one misconfiguration will leave them more vulnerable than they were to begin with.

There is not much to discuss about. IT-wise you can't do much against server side breaches. Everything you trust to servers could be accessed by that infostealer.

So common sense or safe hex is the only thing left. Common sense in regard to the sites you trust your data to and the amount of sensitive data you allow on one site.

To some degree bigger is better (Amazon puts more money into security than a small local webshop), but every now and then the news section on MT shows that the big brands also suffer from breaches. Since webshops started to collect (keep) my bank account (data) for my convenience, I stopped creating accounts at websites (and asked some webshops to delete my account). This reduces the distribution of my data to some extent (but all services which charge repeating e.g. monthly payments still require my bank account data).

Bigger organizations actually have the funding to keep their infrastructure current and even state of the art. Whether or not they dedicate the funding towards this and their IT department is another story, most will try to get by with what they can, diverting funds elsewhere. This and the fact that the bigger the more lucrative of a target and worth the "risk" as stated earlier it would be to find one of many vulnerabilities in everything to exploit. This combined with "phishing" results in many issues for average users, although one cannot do much about the former, with good habits they certainly can do something about the latter.

Best of luck with your topic! Unfortunately, many people may see your post as gibberish because they simply don’t care. With forum users, there is a wide range of personalities - some are paranoid, some are fans, some like to show off, some are experimental, some pretend to know more than they do, some are experts, many are ignorant, and only a few are truly wise.

I couldn't agree more with your assessment, although you left out one particular type here and that's the knowledgeable experts/pretenders that are self-serving, only care about what they can gain from it all, and will misguide others in those pursuits. Of course that could be labeled under ignorant I suppose.

As of right now though as I type this, there are 34 members signed in and 530 guests reading, so hopefully this topic reaches some home users that could benefit from advice of using good habits.
 

Jan Willy

Level 12
Verified
Top Poster
Well-known
Jul 5, 2019
565
Since webshops started to collect (keep) my bank account (data) for my convenience, I stopped creating accounts at websites

Please explain. Are you afraid that webshops misuse your (few) bank account data or that hackers of those sites do so?
 

Xeno1234

Level 14
Jun 12, 2023
699
There is not much to discuss about. IT-wise you can't do much against server side breaches. Everything you trust to servers could be accessed by that infostealer.

So common sense or safe hex is the only thing left. Common sense in regard to the sites you trust your data to and the amount of sensitive data you allow on one site.

To some degree bigger is better (Amazon puts more money into security than a small local webshop), but every now and then the news section on MT shows that the big brands also suffer from breaches. Since webshops started to collect (keep) my bank account (data) for my convenience, I stopped creating accounts at websites (and asked some webshops to delete my account). This reduces the distribution of my data to some extent (but all services which charge repeating e.g. monthly payments still require my bank account data).
Correct me if I’m wrong, but isn’t there enterprise server security? I’d assume that would block breaches on the server side. Even if a breach is done, wouldn’t there be investigation response through these solutions as well?
 
